prog: pkg/compiler: docs: introduce the `no_squash` attribute

The `no_squash` per-syscall attribute prevents the fuzzer from generating squashed arguments to a particular syscall. This is particularly helpful for pseudo-syscalls with elaborate arguments that are hard to reason about when they are squashed - e.g. for syz_kvm_add_vcpu() that takes a SYZOS program as an input. I've considered an alternative solution that prohibits ANY for all pseudo-syscalls. But there is a bunch of existing programs (both the tests and the repros) for syscalls like syz_mount_image() for which the benefit of not passing ANY is not immediately obvious. I therefore decided to go with an explicit attribute that can later be enforced for every pseudo-syscall at compile time.
author: Alexander Potapenko <glider@google.com> 2025-09-09 12:09:02 +0200
committer: Alexander Potapenko <glider@google.com> 2025-09-09 18:27:31 +0000
commit: 5ac84ab421465f8f15ac9350f9f33a4416b4b3b7 (patch)
tree: 4bd25bbaef09bb2a4fa31877862e8d2f20b17d1f /prog/mutation.go
parent: d291dd2d58a1885c00a60561048b6ceb1bf1206a (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/prog/mutation.go b/prog/mutation.go
index eb9e8285d..4d05e0a7d 100644
--- a/prog/mutation.go
+++ b/prog/mutation.go
@@ -145,6 +145,9 @@ func (ctx *mutator) squashAny() bool {
 	if ctx.noMutate[ptr.call.Meta.ID] {
 		return false
 	}
+	if ptr.call.Meta.Attrs.NoSquash {
+		return false
+	}
 	if !p.Target.isAnyPtr(ptr.arg.Type()) {
 		p.Target.squashPtr(ptr.arg)
 	}
author	Alexander Potapenko <glider@google.com>	2025-09-09 12:09:02 +0200
committer	Alexander Potapenko <glider@google.com>	2025-09-09 18:27:31 +0000
commit	5ac84ab421465f8f15ac9350f9f33a4416b4b3b7 (patch)
tree	4bd25bbaef09bb2a4fa31877862e8d2f20b17d1f /prog/mutation.go
parent	d291dd2d58a1885c00a60561048b6ceb1bf1206a (diff)